Functional and Resilient Cybersecurity:Lessons from a Guerrilla WarfarePerspective

As part of the Erasmus Mundus Joint Masters Degree Program in Applied Cybersecurity (CyberMACS), We had the opportunity to attend a workshop led by Kubilay Omar Güngör, the founder of Cyberstruggle. This session provided not only technical insights but also an eye-opening shift in how cybersecurity should be approached, with a focus on resilience and adaptability—much like the strategies used in guerrilla warfare.

From Cyber War to Cyber Struggle
One of the key takeaways from the workshop was the need to rethink the terminology we use. Instead of framing cybersecurity as “cyber warfare,” the term “cyber struggle” better reflects the ongoing, unpredictable, and evolving nature of cyber threats. Unlike traditional warfare, there is no clear end in sight. Cyber attacks can happen at any time. Whether you’re facing opportunistic attackers or highly organized threat actors, the battle for control of data and systems truly never stops. This constant state of struggle requires a mindset of agility and resilience to respond quickly and stay ahead of potential attackers.

The Role of a SOC (Security Operations Center)
To defend against unpredictable attacks, organizations depend on their Security Operations Centers (SOC). A SOC is the central hub where security teams monitor, detect, and respond to incidents. The defensive SOC teams (blue teams) are responsible for identifying vulnerabilities and responding to breaches, while offensive teams (red teams) focus on testing defenses by simulating attacks. An example of an unpredictable attack could be a zero-day exploit, where attackers use an unknown vulnerability to breach systems, catching security teams off-guard. This reinforces the point that SOC analysts must be well-versed in offensive tactics, just as offensive teams must understand defense. Both sides need a deep knowledge of attacker techniques to anticipate threats and implement robust and proactive defenses.

Cybersecurity and the Human Element
A significant lesson from the workshop emphasized the human aspect of cybersecurity. It is not enough to rely on technology alone. Technology, while essential, can only do so much. Humans remain central to the equation, particularly in decision-making and crisis response. While automation through technologies like SOAR (Security Orchestration, Automation, and Response) can improve efficiency and reduce manual workload, the core of security will
always involve humans. During the session, it was highlighted that certain organizations, despite their technological advancements, failed to adopt a “people-first” approach. Their over-reliance on automation, while ignoring the critical role of humans in management and operations, became a strategic mistake.
Cybersecurity is built on three pillars: data, systems, and people. Ignoring the human factor, especially in cybersecurity, weakens the entire structure. Humans are the last line of defense, and no amount of automation can replace human intuition and critical thinking in addressing dynamic threats.

Stress in the Cybersecurity Workforce
Another critical point discussed was the alarming levels of stress within cybersecurity teams. The intense nature of the work, compounded by the pressure of defending against constant threats, can affect professionals’ well-being. Statistics shared during the workshop revealed that 64% of cybersecurity professionals feel that stress impacts their ability to defend their organizations effectively. Furthermore, 48% said that this stress negatively impacts their mental health, and 40% said it strains their personal relationships. This makes it essential for supportive and resilient working environments. Creating functional teams involves more than just having the right technical skills. Building a culture that prioritizes mental health emotional resilience, and other soft skills is equally important, as stressed professionals may not be able to perform optimally, which could lead to vulnerabilities in organizational defenses. Intellectual bullying and toxic environments can further exacerbate stress, leading to burnout or poor decision-making.

Interdisciplinary Cybersecurity Simulation: Reskilling security front-lines to remain functional, resilient and primed (technically and psychologically), no matter the conditions”, Kubilay emphasized.

Offense, Defense, and Guerrilla Warfare in Cybersecurity
The comparison between cybersecurity and guerrilla warfare was especially impactful. Success in cybersecurity, much like in guerrilla warfare, does not necessarily come from overwhelming resources or strength but from adaptability, speed, and resourcefulness. Attackers often have the asymmetric advantage (having the upper hand) in terms of timing and surprise, and there’s often Friction (the difference between reality and the books), which requires defenders to be agile in their response strategies. Understanding offensive security strategies is crucial in this ongoing cyber struggle. By understanding Threats, Techniques, and Procedures (TTPs) used by attackers, SOC teams can anticipate attacks and fortify defenses accordingly. The focus on risk management, vulnerability assessments, and threat intelligence mirrors the tactics used by guerrilla fighters, who must always stay one step ahead in hostile and unpredictable environments.

Modernization and Its Impact on Cybersecurity
The workshop also touched on the impact of modernization on societies and how it correlates with cybersecurity. As economies, social systems, and infrastructures modernize, they become more interconnected—and consequently, more vulnerable to cyber threats. A disruption in cyberspace can cascade across sectors, affecting everything from individual livelihoods to global markets. This interconnectivity creates an urgent need for adaptable, resilient cybersecurity measures that can evolve alongside modern infrastructures.

Conclusion: Cybersecurity is a Continuous Struggle
Reflecting on the workshop, it is clear that cybersecurity is not a battle that will be won definitively—it is an ongoing struggle that requires vigilance, adaptability, and resilience. The comparison to guerrilla warfare is apt, especially in today’s unpredictable cyber landscape. Success in cybersecurity doesn’t come from brute force, strategic thinking, rapid response, and fostering human resilience. Above all, the session reinforced that cybersecurity is about people. It is about empowering the humans behind the screens to stay prime, always ready for action, resilient, and prepared no matter the odds or the stress. As we advance in technology, we can’t forget that the people behind the systems will always be our most valuable asset in the continuous cyber struggle